SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1036903
SecurityTracker URL:  http://securitytracker.com/id/1036903
CVE Reference:   CVE-2016-2776   (Links to External Site)
Date:  Sep 27 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0.x - 9.8.x, 9.9.0 - 9.9.9-P2, 9.9.3-S1 - 9.9.9-S3, 9.10.0 - 9.10.4-P2, 9.11.0a1 - 9.11.0rc1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user can send a specially crafted query to trigger an error in 'buffer.c' in constructing a response to the query and cause the target service to crash.

Packets with a source address that does not match the 'allow-query' statement can also trigger this flaw.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix (9.9.9-P3, 9.10.4-P3, 9.11.0rc3).

The vendor advisory is available at:

https://kb.isc.org/article/AA-01419

Vendor URL:  kb.isc.org/article/AA-01419 (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 27 2016 (Ubuntu Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 16.04 LTS.
Sep 28 2016 (Red Hat Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Sep 28 2016 (Red Hat Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for bind97 for Red Hat Enterprise Linux 5.
Sep 28 2016 (CentOS Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
CentOS has issued a fix for CentOS 5, 6, and 7.
Sep 28 2016 (CentOS Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
CentOS has issued a fix for bind97 for CentOS 5.
Sep 29 2016 (Oracle Issues Fix for Oracle Linux) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5, 6, and 7.
Sep 29 2016 (F5 Issues Advisory for F5 Enterprise Manager) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
F5 has issued an advisory for F5 Enterprise Manager.
Sep 29 2016 (F5 Issues Advisory for F5 BIG-IP) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
F5 has issued an advisory for F5 BIG-IP.
Oct 10 2016 (FreeBSD Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
FreeBSD has issued a fix for FreeBSD 9.3.
Oct 25 2016 (Red Hat Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.2, 6.4, 6.5, 6.6, and 6.7.
Nov 4 2016 (HP Issues Fix) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
HP has issued a fix for HP-UX 11.31.
Nov 11 2016 (Oracle Issues Fix for Oracle Linux) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 7.
Nov 18 2016 (IBM Issues Fix for IBM AIX) BIND Bug in 'buffer.c' Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC